A user terminal uses password technology as one of technologies for justifiable user authentication. When a user succeeds password authentication in a user terminal, the user can manipulate the user terminal, and when the user fails the authentication, the manipulation of the user terminal is limited. Then, as notified via the user terminal, the user performs a user identity verification process using the user terminal or other terminals, and when the user's identity is confirmed, the user is provided with the preset password or sets a new password in the user terminal.
Here, continuous authentication failures of passwords inputted from the user imply that the user does not remember a password, that is, the user forgot the password. When a user sets a password, the set password is stored as short-term memory and changes to long-term memory with the passage of time. For a period during which the password is stored as short-term memory, a possibility that the user does not remember the password, that is, the user will forget the password is high, and for a period during which the password is stored as long-term memory, such possibility is relatively low.
Considering the password memory characteristics based on short-term memory and long-term memory, one unreasonable fact is found. The unreasonable fact is that the possibility that the user will forget the password after long-term memory of the password is very low, but in the case where the user forgets the password, the user terminal provides a cancellation service of the password in the same processing fashion, no matter whether long-term memory of the password or short-term memory of the password.
If the user fails password authentication corresponding to primary authentication, user identity verification corresponding to secondary authentication is required. Also, when the user's identity is confirmed, the failure of the primary password authentication is invalidated. Here, more attention to the required user identity verification is needed. For example, when a third party has personal information of the user, the third party may readily succeed primary password authentication after the third party succeeds user identity verification using the personal information of the user.